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DETAILED ACTION 

1 . This action is issued in response to the Amendment filed on 09/06/2006. 

2. Claims 1,10, and 18 were amended. No claims were canceled. No claims were 
added. 

3. This action is made Final. 

4. Claims 1-23 are pending in this application. 

5. Applicant's arguments filed on 09/06/2006 have been fully considered but they 
are not persuasive. 

Claim Rejections - 35 USC § 102 

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

7. Claims 1 - 23 are rejected under 35 U.S.C. 102(b) as being an anticipated by 
Win et al. (Win hereinafter) (US Patent No. 6,182,142 B1, issued: January 30, 2001). 

Regarding Claims 1, and 10, Win discloses an article comprising a machine- 
readable medium storing instructions operable to cause one or more machines to 
perform operations comprising: 
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analyzing database access statements issued for an application in use (Col.2, 
lines 28-33, Win 1 ); 

determining accessed items and types of access for the application based on the 
issued database access statements for the application (Col.2, lines 31 - 34, Win 2 ); and 

developing a role associated with the application based on the determined 
accessed items and types of access (Col.2, lines 35 - 47, Win 3 ), wherein the role allows 
a user database access when associated the application (Col. 2, lines 39 - 40 and 47 - 
49, Win). 

Regarding Claims 2, and 1 1 , Win discloses a article, wherein analyzing the 
issued database access statements comprises: 

determining whether the database access statements have been captured 
(Figure 5B, item 516, Col. 10, lines 29 - 34, Win 4 ); 

normalizing the database access statements (Col. 14, lines 15-17, Win); and 

eliminating redundancies in the database access statements (Col. 14, lines 15- 
19, Win). 



1 Wherein examiner interprets the step of controlling access, particularly by receiving access information 
and identifying resources authorized (as disclosed by Win) as the step of analyzing the database access 
statements as claimed. 

2 Wherein the resources correspond to the accessed items claimed; and the roles correspond to the type 
of access claimed. 

3 Wherein the step of defining the roles corresponds to the step of developing a role claimed. 

4 Wherein the step of recording a login attempt corresponds to the step of determining whether the 
database access statements have been captured as claimed. Specifically, the user's name and password 
correspond to the access statements claimed. 
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Regarding Claim 3, Win discloses a method wherein the database access 
statements comprise Structured Query Language (SQL) queries (Col. 7, lines 9 — 11, 
Win). 

Regarding Claims 4, and 12, Win discloses an article wherein the determined 
accessed items and types of access include objects accessed (Col. 2, lines 31 - 33, the 
resources, Win) and operations performed on the objects (Col. 2, lines 39 - 40, to use 
the resources, Win). 

Regarding Claims 5, and 13, Win discloses an article wherein developing a role 
comprises determining permissions for the application based on the determined 
accessed items and types of access (Col. 3, lines 34 - 44, Win). 

Regarding Claims 6, and 14, Win discloses an article wherein the instructions are 
further operable to cause one or more machines to perform operations comprising 
determining which of a set of users are authorized to use the application (Col. 3, lines 
13-14, Win). 

Regarding Claims 7, and 15, Win discloses an article wherein the instructions are 
further operable to cause one or more machines to perform operations comprising: 

determining whether a user request to establish an application session has been 
detected (Figure 5B, item 516, Col. 10, lines 29 - 34, a login attempt, Win); 
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finding the role associated with the application (Figure 5C, item 520 and 522, 
Col. 10, lines 57 - 63, Win); and 

assigning the role to a user (Col. 13, lines 32 - 34, Win). 

Regarding Claims 8, and 16, Win discloses an article wherein detecting a user 
request to establish an application session comprises determining if a user is authorized 
to use the application (Col. 13, lines 34 - 36, Win). 

Regarding Claims 9, and 17, Win discloses an article wherein the instructions are 
further operable to cause one or more machines to perform operations comprising: 

detecting an end of the application session (Col. 9 and 10, lines 45 - 47 and 39 - 
42; respectively, Win); and 

if an end of the application session is detected (Col. 10, lines 39 - 42, Win), 
disabling the assigned role for the user (Col. 10, lines 42 - 45, Win). 

Regarding Claim 18, Win discloses a database security analyzer comprising: 
a communication interface operable to receive database access statements 

issued for an application in use (Figure 9, item 918, Communication Interface, Col. 27, 

lines 17 -31, Win); 

a memory operable to store the issued database access statements (Figure 9, 
item 906, Main Memory, Col. 26, lines 8-15, Win); and 
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a processor (Figure 9, item 904, processor, Col. 26, lines 36 - 42, Win) operable 
to develop a role associated with the application based on the issued database access 
statements for the application (Col. 2, lines 35 - 38, Win 5 ), wherein the role allows a 
user database access when using the application (Col. 2, lines 39 - 40 and 47 - 49, 
Win). 

Regarding Claim 19, Win discloses an analyzer wherein developing a role 
comprises: 

determining accessed items and types of access for an application based on the 
issued database access statements for the application (Col. 2, lines 31 - 34, Win 6 ); 

determining permissions for the application based on the determined accessed 
items and types of access (Col. 3, lines 34 - 37, Win); and 

developing a role associated with the application based on the determined 
permissions (Col. 2, lines 35 - 38, Win 7 ). 

Regarding Claim 20, Win discloses an analyzer wherein the determined 
accessed items and types of access include objects accessed (Col. 2, lines 31 ■ 
resources, Win) and operations performed on the objects (Col. 2, lines 39 - 40, 
the resources, Win). 



5 Wherein the step of defining the roles corresponds to the step of developing a role claimed. 

6 Wherein the resources correspond to the accessed items claimed; and the roles correspond to the type 
of access claimed. 

7 Wherein the step of defining the roles corresponds to the step of developing a role claimed. 



- 33, the 
to use 
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Regarding Claim 21 , Win discloses an analyzer wherein developing a role 
comprises: 

determining whether issued database access statements have been captured 

(Figure 5B, item 516, Col. 10, lines 29 - 34, Win 8 ); 

normalizing the database access statements (Col. 14, lines 15-17, Win); and 
eliminating redundancies in the database access statements (Col. 14, lines 15 - 

19, Win). 

Regarding Claim 22, Win discloses an analyzer wherein the memory comprises 
instructions (Figure 9, item 906, Col. 26, lines 8-12, Win), and the processor operates 
according to the instructions (Figure 9, item 904, Col. 26, lines 36 - 38, Win). 

Regarding Claims 23, Win discloses a method comprising: 

capturing the database access statements issued for one or more applications in 
use (Figure 5B, item 516, Col. 10, lines 29 - 34, Win), wherein the database access 
statements comprise Structured Query Language (SQL) queries (Col. 7, lines 9-11, 
Win); 

normalizing the issued database access statements (Col. 14, lines 15-17, Win); 
eliminating redundancies in the normalized database access statements (Col. 14, 
lines 15 -19, Win); 



Wherein the step of recording a login attempt corresponds to the step of determining whether the 
database access statements have been captured as claimed. Specifically, the user's name and password 
correspond to the access statements claimed. 
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determining accessed items and types of access for an application based on the 
issued database access statements for the application (Col. 2, lines 31 - 34, Win 9 ), 
wherein the determined accessed items and types of access include objects accessed 
(Col. 2, lines 31 - 33, the resources, Win) and operations performed on the objects 
(Col. 2, lines 39 - 40, to use the resources, Win); 

determining permissions for the application based on the accessed items and 
types of access (Col. 3, lines 34 - 37, Win); 

developing a role associated with the application based on the developed 
permissions (Col. 2, lines 35 - 38, Win 10 ); 

determining which of a set of users are authorized to use the application (Col. 3, 
lines 13-14, Win); 

detecting a user request to establish a session of the application (Figure 5B, item 
516, Col. 10, lines 29 - 34, a login attempt, Win); 

determining if the user is authorized to use the application (Col. 13, lines 34 - 36, 

Win); 

if the user is authorized to use the application, finding the role associated with the 
application (Figure 5C, item 520 and 522, Col. 10, lines 57 - 63, Win); 

assigning the role to the user (Col. 13, lines 32 - 34, Win); 

detecting an end of the application session (Col. 9 and 10, lines 45 - 47 and 39 - 
42; respectively, Win); and 



Wherein the resources correspond to the accessed items claimed; and the roles correspond to the type 
of access claimed. 

10 Wherein the step of defining the roles corresponds to the step of developing a role claimed. 
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if an end of the application session is detected (Col. 1 0, lines 39 - 42, Win), 
disabling the assigned role for the user (Col. 10, lines 42 - 45, Win). 
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Response to Arguments 

1 . Applicant argues that the prior art fails to disclose; "analyzing database access 
statements issued for an application in use"; and "developing a role associated with the 
application based on the determined accessed items and types of access, wherein the 
role allows a user database access when associated the application". 

Examiner respectfully disagrees. The applied art Win does disclose: analyzing 
database access statements issued for an application in use (Col. 2, lines 28 - 33, 
Win). Wherein examiner interprets the step of controlling access, particularly by 
receiving access information and identifying resources authorized (as disclosed by 
Win), based on the roles that are stored in association with user identifying information 
as the step of analyzing the database access statements as claimed. These steps 
disclose by Win imply the step of analyzing in order to identify based on the 
associations of the received information. 

Furthermore, the applied art Win does disclose: developing a role associated with the 
application based on the determined accessed items and types of access (Col. 2, lines 
35-47; ... defining a role of the user; and storing an association of the user of the user 
to the role at the second server ... ; Win). Wherein the step of defining the roles 
corresponds to the step of developing a role claimed. Additionally, Win discloses the 
amended limitation including: wherein the role allows a user database access when 
associated the application (Col. 2, lines 39 - 40 and 47 - 49; determining whether the 
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user may access the resource based on the information describing the roles and 
functional groups; Win). 

2. Applicant argues that the prior art fails to disclose; "capturing, normalizing, and 
eliminating redundancies in database access statements". 

Examiner respectfully disagrees. The applied art Win does disclose: capturing 
(Figure 5B, item 516, Col. 10, lines 29 - 34; ... Access Server 106, requests Register 
Server 108 to record a login attempt ... ; Win). Wherein the step of recording a login 
attempt corresponds to the step of determining whether the database access 
statements have been captured as claimed. The applied art Win does also disclose: 
normalizing (Col. 14, lines 15- 17, ... a normalized list ...; Win), and eliminating 
redundancies in database access statements (Col. 14, lines 15-19, ... duplicates are 
eliminated ... ; Win). 

3. Applicant argues that the prior art fails to disclose; "determining permissions for 
an application based on the determined accessed items and types of access". 

Examiner respectfully disagrees. The applied art Win does disclose: determining 
permissions for the application based on the determined accessed items and types of 
access (Col. 3, lines 34 - 44; determining, based on the one or more tokens, whether 
the client is authorized to use the one of the resources ... granting access to the 
resource only when the roles associated with the user satisfy an access rule ...; Win). 
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Conclusion 

1 . The prior art made of record arid not relied upon is considered pertinent to 
applicant's disclosure. 

2. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 



\ 
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Prior Art Made Of Record 

1. Win et al. (US Patent No. 6,182,142 B1, issued: January 30, 2001 ) disclose a 
distributed access management of information resources. 

2. Menninger (US Patent App. Pub. No. 2003/006981 8 A1 ) discloses a system, 
method, and computer program product for creating contracts using a graphical user 
interface in a supply chain management framework. 

3. Gold et al. (US Patent App. Pub. No. 2005/0102358 A1 ) discloses a web page 
monitoring and collaboration system. 
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Points Of Contact 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Giovanna Colan whose telephone number is (571) 272- 
2752. The examiner can normally be reached on 8:30 am - 5:00 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John Breene can be reached on (571 ) 272-4107. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an Application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Giovanna Colan 
Examiner 
Art Unit 21 62 
November 14, 2006 




